Thanks for your information, Pratul. I do know about DOM and XSS; I wasn't able to reproduce this bug on my end, that's why I requested you to post a video on that.
I do agree with Vipul that this is not working, and I checked this bug twice already, so I am quite sure that this flaw isn't working on yahoomail. If in case this works then please come up with a POC video :)

Looking forward to your response :)

Cheers,
Rockey

On Tue, Jun 15, 2010 at 10:29 PM, Vipul Agarwal <[email protected]> wrote:

> Hello Pratul!
>
> I'm sure that the flaw was working on 13th June when you disclosed it on
> the list.
> But it's not working today and input is being filtered. Please check it out.
>
> On Wed, Jun 16, 2010 at 9:49 AM, pratul agrawal <[email protected]> wrote:
>
>> Thanks Brother,
>>
>> See how this occurred. Basically, in most cases developers simply design
>> an API, and when the client requests any page this API gets stored on the
>> client side. Its main task is to take the user input and show the result
>> immediately to the client without sending a request to the server. So when
>> this type of API is vulnerable to XSS, this is called DOM based XSS.
>>
>> Now in this case, when we click on [New Folder] to create a new folder
>> and provide any JavaScript, it is directly taken by the API stored on the
>> client side when the inbox page is loaded on the client side in yahoomail,
>> and gets reflected.
>>
>> That's all the story, Bro; hope you understand what I really want to say.
>>
>> Thanks,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, Benji <[email protected]>* wrote:
>>
>> From: Benji <[email protected]>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To: "pratul agrawal" <[email protected]>
>> Cc: "[email protected]" <[email protected]>,
>> "[email protected]" <[email protected]>,
>> "[email protected]" <[email protected]>,
>> "[email protected]" <[email protected]>
>> Date: Tuesday, 15 June, 2010, 9:57 AM
>>
>> Sup bro
>>
>> I waz checkin owt ur javascriptz skriptz and waz wonderin if u cud explain
>> how diz shiz werks.
>>
>> Peaze.
>>
>> Sent from my iPhone
>>
>> On 15 Jun 2010, at 09:18, pratul agrawal <[email protected]> wrote:
>>
>> It's working, Bro. I think you made some mistake, so try it again and
>> check that the JavaScript execution feature is enabled in your browser.
>> And bro, for execution of the script you must use proper syntax that
>> contains special characters. Just put "><script>alert(123)<script> in the
>> New Folder field that comes in the Move button and you will see a pop-up
>> message with 123 reflected.
>>
>> Have a nice time bro,
>> Pratul Agrawal
>>
>> --- On *Tue, 15/6/10, Rockey <[email protected]>* wrote:
>>
>> From: Rockey <[email protected]>
>> Subject: Re: [Full-disclosure] yahoomail dom based xss vulnerability
>> To:
>> Cc: [email protected], [email protected], [email protected]
>> Date: Tuesday, 15 June, 2010, 5:10 AM
>>
>> Tried reproducing on Yahoo Mail, both on the classic and the new one.
>> The error message I got in both cases was:
>>
>> "Sorry, but your folder name has prohibited characters (please use
>> letters, numbers, dashes, and underscores). Please fix it and try again."
>>
>> Cheers,
>> Rockey
>>
>> --
>> It's all about Hacking and Security
>>
>> http://h4ck3r.in/
>
> --
> Thanks and Regards,
> Vipul Agarwal

--
It's all about Hacking and Security
http://h4ck3r.in/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
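
Added example, not part of the original thread or any poster's code: a JavaScript sketch of the two defenses the thread touches on, the folder-name allow-list named in the quoted error message (letters, numbers, dashes, underscores) and escaping the name when client-side code writes it into the page. The function names and the 64-character limit are assumptions.

```javascript
// Added illustration. Function names and the 64-character limit are
// assumptions, not Yahoo Mail's code.

// Allow-list matching the error message quoted in the thread:
// letters, numbers, dashes and underscores only.
const FOLDER_NAME_RE = /^[A-Za-z0-9_-]{1,64}$/;

function validateFolderName(name) {
  if (typeof name !== "string") return { ok: false, reason: "not a string" };
  if (!FOLDER_NAME_RE.test(name)) {
    return { ok: false, reason: "prohibited characters or bad length" };
  }
  return { ok: true, reason: "" };
}

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: client-side code concatenates input into markup.
function renderFolderUnsafe(name) {
  return '<li title="' + name + '">' + name + "</li>";
}

// Hardened pattern: reject anything outside the allow-list, and escape on
// output anyway so a filter gap does not become script execution.
// In a browser, element.textContent / setAttribute achieve the same result.
function renderFolderSafe(name) {
  const check = validateFolderName(name);
  if (!check.ok) throw new Error("Folder name rejected: " + check.reason);
  const safe = escapeHtml(name);
  return '<li title="' + safe + '">' + safe + "</li>";
}

// Constructed sample inputs: a normal name and the string quoted in the thread.
const samples = ["Receipts_2010", '"><script>alert(123)<script>'];
for (const s of samples) {
  let result;
  try { result = renderFolderSafe(s); } catch (e) { result = e.message; }
  console.log(JSON.stringify(s), "=>", result);
}
```

The validation has to run on the server as well as in the page; a check that exists only in client-side script can be bypassed by sending the request directly.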
